Applicant: The Kantara Initiative Educational Foundation, a 501 (c3) organization
Project Title: Ensure Patient Choice on the Mobile Phone
Status: As submitted
Signature of Authorized Certifying Official -- Title (for example chairman of the board)
Project Abstract Summary
This is a project to give patients choice in their own healthcare by providing the assurance that access to their medical records and care options can be faithfully executed by the phone or any other computer that they carry with them everywhere. This means not just that they can access their records, as guaranteed by the 21th Century Cures Acts, but that the phone will not become a path to steal those records and promote inappropriate remedies to them at the most vulnerable times of their lives.
In particular this proposal would enable, by the time that the Cures Act is enforced, assertions by the apps and the phones to assure that the patient or guardian is: (1) who they say they are, (2) present at the phone in use and (3) protected from theft of any information on the phone or during any communications with the healthcare system. This is achieved by certification of the developers, and the specific phone configuration that the app has enabled on the phone. This information is provided to any electronic health information website prior to release of information or acceptance of patient directives. A registry of accepted developers, apps and devices will be maintained and can be accessed at any time by patients or care providers to verify that assurance. This will give the care providers the evidence that they need to show that they have met the requirements of, not only the Cures Act, but state and federal privacy regulations as well.
This project will address the level of assurance needed to meet the final rule as well as the TEFCA requirements, although the primary focus will be on meeting the file rule in the initial deployment of a registry and set of assessment criteria for the application developers based on the existing work of Kantara and the CARIN Alliance.
Time is of the essence of this proposal so an expeditious start is required and initial planning is already underway to make these assurances a reality when they are needed.
The Kantara Initiative Educational Foundation Board as ultimate authority.
Prior Programs managed by Kantara and its constituent parts:
- The only working Service Assessment Criteria for NIST SP 800-63-3 specifications.
- SAML federations and trust registries.
- User Managed Access, Consent Receipt and other important specifications.
The Work Groups on Healthcare and Identity Assurance for liaison and direction.
Key Staff and Volunteer Personnel assembled to implement the program.
Principal Project Manager: TK
Experience managing government grant programs: DARPA, IDESG project
- NSTIC – IDESG The Cross Sector Digital Identity Initiative (CSDII) with AAMVA
- DARPA contract for BIOS Integrity Measurements Heuristics Tool
Funds to kick start on on-going assessment and API registry.
Future Funding Expectations:
1> The providers of electronic health records in proportion to the use of this by their patients.
As a follow-on to an effort extending for two years to enable a API registry for companies that pass detailed conformance criteria, the proposal plans to complete the deployment of a cloud-based registry with the registrations of applications that meet the criteria of the Cures Final Rule for application acceptance by Electronic Health Records to enable release of patient records. Coincident with that effort a parallel effort to create a Service Assessment Criteria with input from affect organization on the set of questions to be address prior to acceptance of an application into the registry.
Copy of by-Laws:
Proof of Non-Profit Status:
Grant docs used: